CNNVD-202508-2235 Information

CNNVD ID

CNNVD-202508-2235

Related CVE

CVE-2025-9168

• CNNVD Published: 2025-08-19

Description (Chinese)

SolidInvoice是SolidInvoice开源的一个发票解决方案应用程序。 SolidInvoice 2.4.0及之前版本存在代码注入漏洞，该漏洞源于组件Invoice Creation Module中文件/invoice对参数Client Name的错误操作，导致跨站脚本攻击。

Description (English)

SolidInvoice is an invoicedInvoice open-source application. There is a code injection loophole in SolidInvice 2.4.0 and earlier versions, which results from the error of file/inview against the parameter Clarent Name in the component InfoiceCreation Mode.

Hazard Level

Critical

Vulnerability Type

代码注入

Affected Vendor

SolidInvoice

Published

2025-08-19

Last Modified

2026-02-24

References

https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84POC%20Stored%20XSS%202.md https://vuldb.com/?id.320545 https://github.com/Gabrielmouraofc/PoC_Vuldb/blob/main/%F0%9F%93%84POC%20Stored%20XSS%202.md#-exploitation-steps https://vuldb.com/?submit.630625 https://vuldb.com/?ctiid.320545 https://access.redhat.com/security/cve/cve-2025-9168 https://nvd.nist.gov/vuln/detail/CVE-2025-9168